Thanks but I believe that shouldn't be necessary. It works for my
webmail client and Android phone but not Thunderbird on Mac or PC via
port 465.

I then tried to get to the admin webserver to see the settings and I
can't since upgrading; it's like the password is not correct. It used to
be nospam4me but can't get that to work. Any ideas on that anyone?

Thanks

Paul

On Wed, 28 Sep 2011 20:02:45 -0700, Jeremy McSpadden wrote:
> ASSP SSL support on port 465 using stunnel   (#03)
> ( updated 11 Mar 2011 , compatible with all ASSP versions)
>
> Be sure all your ASSP alternative ports (listenPort2) are allowed
> on your firewall (TCP IN/OUT).
> Using the "how to" below you can use SMTP SSL/TLS to send email securely
> using port 465.
> If you want secure imap receiving , you should use port 143 with STARTTLS
> If you want secure pop3 receiving , you should use port 110 with STARTTLS
>
> Thanks to Szymon Rybczynski
> (pro-net-hosting.com and prohost.pl)
>
> HOW TO
> All lines starting with # are commands to execute as root.
>
> 1. You need stunnel installed. Cpanel should have stunnel installed.
> To check:
> # stunnel -version
> If you get something like "stunnel 4.05 on i686-redhat-linux-gnu
> PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003" you can continue.
>
> 2. You can make your own certificate for SSL or use cPanel cert. This
> howto shows how to use cPanel cert. To make your own cert just search
> google for instruction and change cert path in stunnel.conf to your
> cert.
>
> 3. Setting up stunnel user and config file:
>
>
> # adduser stunnel;passwd stunnel
>
>
> Set password for user stunnel
>
> # cd /etc/stunnel;nano -w stunnel.conf
>
> copy and paste this:
>
> cert = /etc/stunnel/cpanel.pem
> chroot = /usr/local/cpanel/var/run/stunnel-assp/
> pid = /stunnel.pid
> setuid = stunnel
> setgid = stunnel
> output = /var/log/stunnel.log
> [ssmtp]
> accept = 465
> connect = 127.0.0.2:26
>
>
> note : you should replace 26 with your preferred alternative port you
> have setup in listenPort2 , by default you will find port 26
> Save the file.
>
> 4. Copy cPanel cert.
>
> If you have set correctly your own certificate for your cpanel/exim
> services in
> WHM > Service Configuration >> Manage Service SSL Certificates
>
> execute this
>
> # cp /var/cpanel/ssl/cpanel/mycpanel.pem /etc/stunnel/cpanel.pem
>
>
> otherwise execute this
>
> # cp /var/cpanel/ssl/cpanel/cpanel.pem /etc/stunnel/cpanel.pem
>
> Note : if /usr/local/cpanel/etc/cpanel.pem or (mycpanel.pem) does not
> exist you can find the cpanel certificate also here
> /var/cpanel/ssl/cpanel/cpanel.pem , in this case execute this
>          # cp /usr/local/cpanel/etc/cpanel.pem /etc/stunnel/
>
> Now execute this
>
>
> # cd /etc/stunnel/;chown stunnel.stunnel cpanel.pem
>
>
>
> 5. Create run dir.
>
> # cd /usr/local/cpanel/var/run/;mkdir stunnel-assp;chown stunnel.stunnel stunnel-assp
>
>
> 6. Setup 127.0.0.2 - if you don't do this you will create open relay
> on SSL port.
>
>
> # cp /etc/sysconfig/network-scripts/ifcfg-lo /etc/sysconfig/network-scripts/ifcfg-lo:1;
> # nano -w /etc/sysconfig/network-scripts/ifcfg-lo:1
>
> Change it to look like this:
>
>
> DEVICE=lo:1
> IPADDR=127.0.0.2
> NETMASK=255.0.0.0
> NETWORK=127.0.0.0
> BROADCAST=127.255.255.255
> ONBOOT=yes
> NAME=myloop
> Save.
>
> 7. Now bring lo:1 up.
>
>
> # /etc/sysconfig/network-scripts/ifup-aliases lo
>
> # ifconfig
>
> It should now list 127.0.0.2
>
> 8. Login to ASSP web interface (ip:55555) and change:
> Network Setup:
> ------------
> Second SMTP Listen Port
> 26
> ------------
> Second SMTP Destination
> 127.0.0.1:125
> ------------
> Force SMTP AUTH on Second SMTP Listen Port
> Checked
> ------------
>
> Relaying:
> ------------
> Accept All Mail
> 127.0.0.1
>
> If you make a mistake here you can make your mail server open relay
> so double check the settings.
>
> 8. Open TCP IN/OUT port 465 on your firewall.
>
> 9. Now you are ready to start stunnel. Execute:
>
> # stunnel /etc/stunnel/stunnel.conf
>
> At this moment your SSL connection should work. Test it:
>
> # openssl s_client -quiet -connect localhost:465
>
>
> If you get error then something is wrong and you need to check
> /var/log/stunnel.log
>
> If you get something like:
> "depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=dom.host.com/emailAddress=ssl.net
> verify return:1
> 220-pol.nameserverus2.com ESMTP Exim 4.63 #1 Mon, 23 Jul 2007 15:42:14 +0200
> 220-We do not authorize the use of this system to transport unsolicited,
> 220 and/or bulk e-mail."
>
> Everything is ok and ready to use.
>
> Note: if you don't want to see the SSL popup when you send email using port
> 465, be sure that at point 4) you copied the mycpanel.pem certificate
> and your users must send email using as smtp the address of your
> shared ssl . If you change the .pem file , and you can't see the new
> certificate loaded correctly using
>
> # openssl s_client -quiet -connect localhost:465
>
> execute this
>
> # service cpanel restart
> # /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/ex_localdomains.php
>
> now if you execute this
>
> # openssl s_client -quiet -connect localhost:465
>
> you should see your server SSL certificate.
>
>
> 10. If you want to monitor the stunnel daemon in case it goes down, you can
> add check_ssl=yes to your status.php cron in this way
>
> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes
>
> If you are using an alternative port different from port 26 , i.e.
> 40000 , in this case you should add also altport=40000
>
> */2 * * * * /usr/local/cpanel/3rdparty/bin/php-cgi /usr/local/assp/deluxe/status.php check_ssl=yes altport=40000
>
> --
> Jeremy McSpadden
> Flux Labs, Inc
> http://www.fluxlabs.net
> Endless Solutions
> Office : 850-588-4626
> Cell : 850-890-2543
> Fax : 850-254-2955
>
> On Sep 28, 2011, at 9:58 PM, Paul Farrow wrote:
>
>
> played around with the settings in thunderbird now and getting this
>
> Sep-28-11 22:57:34 [Worker_1] Connected: 10.1.10.149:49970 > 70.88.29.81:465 > 70.88.29.81:34217 > 70.88.29.81:125 , 4-16
> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 Message-Score: added 25 for EarlyTalker, total score for this message is now 25
> Sep-28-11 22:57:34 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1 Misbehaved SMTP session (EarlyTalker)
> Sep-28-11 22:57:34 [Worker_1] Disconnected: 10.1.10.149 - command list was 'n/a' - used 1 SocketCalls
>
>
> any ideas?
>
> Thanks
>
> Paul
>
> On Wed, 28 Sep 2011 19:53:44 -0700, Jeremy McSpadden wrote:
> What's accepting the ssl connection? Are you using stunnel ? Or the
> SSL in ASSP?
>
>
> --
> Jeremy McSpadden
>
> On Sep 28, 2011, at 9:51 PM, "Paul Farrow" <[email protected]> wrote:
>
>
> not with you ??
>
> Sorry
>
> On Wed, 28 Sep 2011 19:48:14 -0700, Jeremy McSpadden wrote:
> Using stunnel ?
>
>
> --
> Jeremy McSpadden
>
> On Sep 28, 2011, at 9:46 PM, "Paul Farrow" <[email protected]> wrote:
>
>
>
> Since upgrading to version 2, instead of an intermittent problem
> with Thunderbird I have a problem all the time.
>
> The logs say this
>
>
> Sep-28-11 22:40:00 [Worker_1] Connected: 10.1.10.149:49617 > 70.88.29.81:465 > 70.88.29.81:56683 > 70.88.29.81:125 , 4-16
> Sep-28-11 22:40:00 [Worker_1] 10.1.10.149 info: removed '250-STARTTLS' from reply
> Sep-28-11 22:40:00 [Worker_1] Disconnected: 10.1.10.149 - command list was 'EHLO,QUIT' - used 2 SocketCalls
>
> and thunderbird says
>
>
> Thanks
>
> --
> Paul
>
>
>
>
> 
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and
> makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Assp-user mailing list
> 
> [email protected]<mailto:[email protected]>
> https://lists.sourceforge.net/lists/listinfo/assp-user



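The quoted how-to warns in steps 6 and 8 that a wrong loopback or relay setting turns the port 465 listener into an open relay. The check below is an added example, not part of the thread or of ASSP: it reads a stunnel.conf on standard input and flags any service whose `connect` target is an address listed under ASSP's Relaying > Accept All Mail. The function names, the sample config and the trusted-address argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): function names and sample data are hypothetical.

# Constructed sample stunnel.conf; $1 is the connect target under test.
sample_conf() {
    printf '%s\n' '; constructed sample' 'cert = /etc/stunnel/cpanel.pem' \
        'setuid = stunnel' '[ssmtp]' 'accept = 465' "connect = $1"
}

# Reads stunnel.conf on stdin. $1 = space-separated addresses entered in
# ASSP under Relaying > Accept All Mail (supplied by the caller).
# Prints "<verdict> <service> <connect target>" per service; returns 1 on any RISK.
check_stunnel_relay() {
    awk -v trusted="$1" '
        BEGIN { n = split(trusted, t, " "); for (i = 1; i <= n; i++) bad[t[i]] = 1 }
        /^[ \t]*[;#]/ { next }                          # comment lines
        { gsub(/^[ \t]+|[ \t]+$/, "") }                 # trim whitespace
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        section != "" && /^connect[ \t]*=/ {
            target = $0
            sub(/^connect[ \t]*=[ \t]*/, "", target)
            host = target
            # stunnel treats a bare port as localhost
            if (host ~ /:/) { sub(/:[^:]*$/, "", host) } else { host = "localhost" }
            # assumption: localhost resolves to 127.0.0.1
            if (host == "localhost") host = "127.0.0.1"
            verdict = (host in bad) ? "RISK" : "OK"
            if (verdict == "RISK") risky = 1
            print verdict, section, target
        }
        END { exit risky + 0 }
    '
}

# Demo: the target used in the how-to, then the misconfiguration it warns about.
sample_conf 127.0.0.2:26 | check_stunnel_relay "127.0.0.1"
sample_conf 127.0.0.1:26 | check_stunnel_relay "127.0.0.1" ||
    echo "connect target is relay-trusted: do not open port 465 yet"
```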